{"id":965,"date":"2026-02-10T14:23:03","date_gmt":"2026-02-10T13:23:03","guid":{"rendered":"https:\/\/whoami.lausitz-event.info\/?p=965"},"modified":"2026-02-10T15:00:21","modified_gmt":"2026-02-10T14:00:21","slug":"opensource-tokenloesung-privacyidea","status":"publish","type":"post","link":"https:\/\/whoami.lausitz-event.info\/?p=965","title":{"rendered":"OpenSource Tokenl\u00f6sung – privacyIDEA"},"content":{"rendered":"\n\n

Die Verwendung statischer Passworte grenzt heutzutage schon an Leichtsinnigkeit. Die Anschaffung einer MFA L\u00f6sung kostet auch ein paar Taler und den Betrieb (Token ausstellen\/sperren\/...) daf\u00fcr sollte man auch nicht vernachl\u00e4ssigen. Meist muss man diese L\u00f6sung noch mit einem entsprechenden Radius Server verheiraten. Also alles nicht so leicht, oder doch?<\/p>\n\n\n\n\n\n

Mit privacyIDEA kommt man dem ganzen einen Schritt n\u00e4her. Kommen wir zur Sache.<\/p>\n\n\n\n\n\n

Grundlage unseres Tokenservers bildet ein Ubuntu 24.04<\/p>\n\n\n\n\n\n

Installation der Repo<\/strong><\/p>\n\n\n\n\n\n

wget https:\/\/lancelot.netknights.it\/NetKnights-Release.asc\ngpg --import --import-options show-only --with-fingerprint NetKnights-Release.asc\napt-key add NetKnights-Release.asc\nmv NetKnights-Release.asc \/etc\/apt\/trusted.gpg.d\/\nadd-apt-repository http:\/\/lancelot.netknights.it\/community\/noble\/stable<\/code><\/pre>\n\n\n\n\n\n
Installation privacyIDEA<\/strong><\/p>\n\n\n\n\n\n
apt update\napt install privacyidea-apache2<\/code><\/pre>\n\n\n\n\n\n
Installation FreeRradius<\/strong><\/p>\n\n\n\n\n\n
apt-get install privacyidea-radius<\/code><\/pre>\n\n\n\n\n\n
Anlegen eines Admin Nutzer f\u00fcr die Tokenverwaltung<\/strong><\/p>\n\n\n\n\n\n
# pi-manage admin add <username> -e <eMail>\npi-manage admin add admin -e admin@localhost<\/code><\/pre>\n\n\n\n\n\n
Konfiguration FreeRadius \/etc\/freeradius\/3.0\/clients.cfg<\/strong><\/p>\n\n\n\n\n\n
client fortigate {\n        ipaddr = 192.168.100.1\n        secret = testing123\n        }<\/code><\/pre>\n\n\n\n\n\n
<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"
Die Verwendung statischer Passworte grenzt heutzutage schon an Leichtsinnigkeit. Die Anschaffung einer MFA L\u00f6sung kostet auch ein paar Taler und den Betrieb (Token ausstellen\/sperren\/...) daf\u00fcr sollte man auch nicht vernachl\u00e4ssigen. Meist muss man diese L\u00f6sung noch mit einem entsprechenden Radius Server verheiraten. Also alles nicht so leicht, oder doch? Mit privacyIDEA kommt man dem ganzen […]<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1,3,12,23,11],"tags":[],"class_list":["post-965","post","type-post","status-publish","format-standard","hentry","category-allgemein","category-it","category-linux","category-netzwerk","category-security"],"_links":{"self":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=965"}],"version-history":[{"count":2,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/965\/revisions"}],"predecessor-version":[{"id":968,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/965\/revisions\/968"}],"wp:attachment":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}